Merge pull request #65 from MGatner/patches

Patch to framework latest
codeigniter4projects · May 13, 2021 · cc02f42 · cc02f42
2 parents ec6de7e + 08336b6
commit cc02f42
Show file tree

Hide file tree

Showing 24 changed files with 1,596 additions and 689 deletions.
diff --git a/app/Config/App.php b/app/Config/App.php
diff --git a/app/Config/Autoload.php b/app/Config/Autoload.php
@@ -6,8 +6,9 @@
 
 /**
  * -------------------------------------------------------------------
- * AUTO-LOADER
+ * AUTOLOADER CONFIGURATION
  * -------------------------------------------------------------------
+ *
  * This file defines the namespaces and class maps so the Autoloader
  * can find the files as needed.
  *
@@ -16,7 +17,6 @@
  */
 class Autoload extends AutoloadConfig
 {
-
 	/**
 	 * -------------------------------------------------------------------
 	 * Namespaces
@@ -31,13 +31,13 @@ class Autoload extends AutoloadConfig
 	 * else you will need to modify all of those classes for this to work.
 	 *
 	 * Prototype:
-	 *
+	 *```
 	 *   $psr4 = [
 	 *       'CodeIgniter' => SYSTEMPATH,
 	 *       'App'	       => APPPATH
 	 *   ];
-	 *
-	 * @var array
+	 *```
+	 * @var array<string, string>
 	 */
 	public $psr4 = [
 		APP_NAMESPACE => APPPATH, // For custom app namespace
@@ -55,12 +55,30 @@ class Autoload extends AutoloadConfig
 	 * were being autoloaded through a namespace.
 	 *
 	 * Prototype:
-	 *
+	 *```
 	 *   $classmap = [
 	 *       'MyClass'   => '/path/to/class/file.php'
 	 *   ];
-	 *
-	 * @var array
+	 *```
+	 * @var array<string, string>
 	 */
 	public $classmap = [];
+
+	/**
+	 * -------------------------------------------------------------------
+	 * Files
+	 * -------------------------------------------------------------------
+	 * The files array provides a list of paths to __non-class__ files
+	 * that will be autoloaded. This can be useful for bootstrap operations
+	 * or for loading functions.
+	 *
+	 * Prototype:
+	 * ```
+	 *	  $files = [
+	 *	 	   '/path/to/my/file.php',
+	 *    ];
+	 * ```
+	 * @var array<int, string>
+	 */
+	public $files = [];
 }
diff --git a/app/Config/Cache.php b/app/Config/Cache.php
@@ -46,6 +46,8 @@ class Cache extends BaseConfig
 	 * system.
 	 *
 	 * @var string
+	 *
+	 * @deprecated Use the driver-specific variant under $file
 	 */
 	public $storePath = WRITEPATH . 'cache/';
 
@@ -80,6 +82,20 @@ class Cache extends BaseConfig
 	 */
 	public $prefix = '';
 
+	/**
+	 * --------------------------------------------------------------------------
+	 * File settings
+	 * --------------------------------------------------------------------------
+	 * Your file storage preferences can be specified below, if you are using
+	 * the File driver.
+	 *
+	 * @var array<string, string|int|null>
+	 */
+	public $file = [
+		'storePath' => WRITEPATH . 'cache/',
+		'mode'      => 0640,
+	];
+
 	/**
 	 * -------------------------------------------------------------------------
 	 * Memcached settings

diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
@@ -1,48 +1,167 @@
-<?php namespace Config;
+<?php
+
+namespace Config;
 
 use CodeIgniter\Config\BaseConfig;
 
 /**
- * Class ContentSecurityPolicyConfig
- *
  * Stores the default settings for the ContentSecurityPolicy, if you
  * choose to use it. The values here will be read in and set as defaults
  * for the site. If needed, they can be overridden on a page-by-page basis.
  *
  * Suggested reference for explanations:
- *    https://www.html5rocks.com/en/tutorials/security/content-security-policy/
  *
- * @package Config
+ * @see https://www.html5rocks.com/en/tutorials/security/content-security-policy/
  */
 class ContentSecurityPolicy extends BaseConfig
 {
-	// broadbrush CSP management
+	//-------------------------------------------------------------------------
+	// Broadbrush CSP management
+	//-------------------------------------------------------------------------
+
+	/**
+	 * Default CSP report context
+	 *
+	 * @var boolean
+	 */
+	public $reportOnly = false;
 
-	public $reportOnly              = false; // default CSP report context
-	public $reportURI               = null; // URL to send violation reports to
-	public $upgradeInsecureRequests = false; // toggle for forcing https
+	/**
+	 * Specifies a URL where a browser will send reports
+	 * when a content security policy is violated.
+	 *
+	 * @var string|null
+	 */
+	public $reportURI = null;
 
-	// sources allowed; string or array of strings
+	/**
+	 * Instructs user agents to rewrite URL schemes, changing
+	 * HTTP to HTTPS. This directive is for websites with
+	 * large numbers of old URLs that need to be rewritten.
+	 *
+	 * @var boolean
+	 */
+	public $upgradeInsecureRequests = false;
+
+	//-------------------------------------------------------------------------
+	// Sources allowed
 	// Note: once you set a policy to 'none', it cannot be further restricted
+	//-------------------------------------------------------------------------
+
+	/**
+	 * Will default to self if not overridden
+	 *
+	 * @var string|string[]|null
+	 */
+	public $defaultSrc = null;
+
+	/**
+	 * Lists allowed scripts' URLs.
+	 *
+	 * @var string|string[]
+	 */
+	public $scriptSrc = 'self';
+
+	/**
+	 * Lists allowed stylesheets' URLs.
+	 *
+	 * @var string|string[]
+	 */
+	public $styleSrc = 'self';
+
+	/**
+	 * Defines the origins from which images can be loaded.
+	 *
+	 * @var string|string[]
+	 */
+	public $imageSrc = 'self';
+
+	/**
+	 * Restricts the URLs that can appear in a page's `<base>` element.
+	 *
+	 * Will default to self if not overridden
+	 *
+	 * @var string|string[]|null
+	 */
+	public $baseURI = null;
 
-	public $defaultSrc     = null; // will default to self if not over-ridden
-	public $scriptSrc      = 'self';
-	public $styleSrc       = 'self';
-	public $imageSrc       = 'self';
-	public $baseURI        = null;    // will default to self if not over-ridden
-	public $childSrc       = 'self';
-	public $connectSrc     = 'self';
-	public $fontSrc        = null;
-	public $formAction     = 'self';
+	/**
+	 * Lists the URLs for workers and embedded frame contents
+	 *
+	 * @var string|string[]
+	 */
+	public $childSrc = 'self';
+
+	/**
+	 * Limits the origins that you can connect to (via XHR,
+	 * WebSockets, and EventSource).
+	 *
+	 * @var string|string[]
+	 */
+	public $connectSrc = 'self';
+
+	/**
+	 * Specifies the origins that can serve web fonts.
+	 *
+	 * @var string|string[]
+	 */
+	public $fontSrc = null;
+
+	/**
+	 * Lists valid endpoints for submission from `<form>` tags.
+	 *
+	 * @var string|string[]
+	 */
+	public $formAction = 'self';
+
+	/**
+	 * Specifies the sources that can embed the current page.
+	 * This directive applies to `<frame>`, `<iframe>`, `<embed>`,
+	 * and `<applet>` tags. This directive can't be used in
+	 * `<meta>` tags and applies only to non-HTML resources.
+	 *
+	 * @var string|string[]|null
+	 */
 	public $frameAncestors = null;
-	public $mediaSrc       = null;
-	public $objectSrc      = 'self';
-	public $manifestSrc    = null;
 
-	// mime types allowed; string or array of strings
+	/**
+	 * The frame-src directive restricts the URLs which may
+	 * be loaded into nested browsing contexts.
+	 *
+	 * @var array|string|null
+	 */
+	public $frameSrc = null;
+
+	/**
+	 * Restricts the origins allowed to deliver video and audio.
+	 *
+	 * @var string|string[]|null
+	 */
+	public $mediaSrc = null;
+
+	/**
+	 * Allows control over Flash and other plugins.
+	 *
+	 * @var string|string[]
+	 */
+	public $objectSrc = 'self';
+
+	/**
+	 * @var string|string[]|null
+	 */
+	public $manifestSrc = null;
+
+	/**
+	 * Limits the kinds of plugins a page may invoke.
+	 *
+	 * @var string|string[]|null
+	 */
 	public $pluginTypes = null;
 
-	// list of actions allowed; string or array of strings
+	/**
+	 * List of actions allowed.
+	 *
+	 * @var string|string[]|null
+	 */
 	public $sandbox = null;
-
 }